Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.

Related tags

Security SerpScan
Overview

SerpScan

SerpScan

GitHub last commit GitHub issues

Serpscan is a powerful PHP tool designed to allow you to leverage the power of dorking straight from the comfort of your command line.

Table of Contents

About Serpscan

Serpscan is a powerful PHP script designed to allow you to leverage the power of dorking straight from the comfort of your command line.

Serpscan offers powerfull use of (Google,Bing,Yahoo,Yandex,Badiu) search directives, by analyzing results from searches using multiple external tools.

You can run the tool in your PC or [VPS].

Features

  • Scan multiple domains
  • Subdomain Enumeration
  • Checks alive subdomain
  • Finds URLs from all search engines
  • Finds js files
  • Search endpoints in js files
  • Finds parameters
  • Finds directories
  • Export results in html,json
  • You can customize you dorks in config file

Prerequisites

Name Repository
subfinder https://github.com/projectdiscovery/subfinder
httpx https://github.com/projectdiscovery/httpx
hakrawler https://github.com/hakluke/hakrawler

Docker

Copy the commaand and use it for docker.

docker run -it alaa0x2/serpscan:latest php /usr/src/SerpScan/start.php -d domain.com -t html

Installation

  1. git clone https://github.com/Alaa-abdulridha/SerpScan.git
  2. cd SerpScan
  3. chmod 777 install.sh
  4. ./install.sh
  • You should add your SerpApi Key to the conf.php file
  • You can grab your key from serpapi
  • Also you can add your dorks to the config file without any problems
<?php

require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/SAPI.class.php';

ini_set('max_execution_time', 0);
set_time_limit(0);
date_default_timezone_set('Asia/Riyadh');

// Replace with your API key.
$APIKey = 'API_KEY'

$outputPath = 'result';
$usePackage = true;

$domainsFile = 'domains.txt';

// query need to search , {{DOMAIN}} not change ever
$engine = [
	['google', 'q', [
		'subDomain' 	=> 'site:.{{DOMAIN}}', // not change key
		'SQLErrors'		=> 'site:{{DOMAIN}} intext:"sql syntax near" | intext:"syntax error has occurred" | intext:"incorrect syntax near" | intext:"unexpected end of SQL command" | intext:"Warning: mysql_connect()" | intext:"Warning: mysql_query()" | intext:"Warning: pg_connect()"',
		'PubDocum'		=> 'site:{{DOMAIN}} ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv',
		'PHP_Err_Warn'	=> 'site:{{DOMAIN}} "PHP Parse error" | "PHP Warning" | "PHP Error"',
		'PHP_INFO'		=> 'site:{{DOMAIN}} ext:php intitle:phpinfo "published by the PHP Group"',
		'DirLIstVuln'	=> 'site:{{DOMAIN}} intitle:index.of',
		'ConfigsFiles'	=> 'site:{{DOMAIN}} ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini | ext:env',
		'PastingSites'	=> 'site:pastebin.com | site:paste2.org | site:pastehtml.com | site:slexy.org | site:snipplr.com | site:snipt.net | site:textsnip.com | site:bitpaste.app | site:justpaste.it | site:heypasteit.com | site:hastebin.com | site:dpaste.org | site:dpaste.com | site:codepad.org | site:jsitor.com | site:codepen.io | site:jsfiddle.net | site:dotnetfiddle.net | site:phpfiddle.org | site:ide.geeksforgeeks.org | site:repl.it | site:ideone.com | site:paste.debian.net | site:paste.org | site:paste.org.ru | site:codebeautify.org  | site:codeshare.io | site:trello.com "{{DOMAIN}}"',
		'DBFiles'		=> 'site:{{DOMAIN}} ext:sql | ext:dbf | ext:mdb',
		'SearchGit'		=> 'site:github.com | site:gitlab.com "{{DOMAIN}}"',
		'SearchStack'	=> 'site:stackoverflow.com "{{DOMAIN}}"',
		'LogsFiles'		=> 'site:{{DOMAIN}} ext:log',
		'BackupFiles'	=> 'site:{{DOMAIN}} ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup',
		'LoginPages'	=> 'site:{{DOMAIN}} inurl:login | inurl:signin | intitle:Login | intitle:"sign in" | inurl:auth',
		'SignupPages'	=> 'site:{{DOMAIN}} inurl:signup | inurl:register | intitle:Signup',
	]],

	['baidu', 'q', [
		'subDomain' => 'site:.{{DOMAIN}}', // not change key
	]],

	['bing', 'q', [
		'subDomain' => 'site:.{{DOMAIN}}', // not change key
	]],

	['yahoo', 'p', [
		'subDomain' => 'site:.{{DOMAIN}}', // not change key
	]],

	['yandex', 'text', [
		'subDomain' => 'site:{{DOMAIN}}', // not change key
	]]
];

Usage

php serpscan.php -d target .com -t html

Flag Description Example
-d Domain to scan subdomains for php start.php -d target.com -t html
-t The template of result (html,json) php start.php -d target.com -t html
-w File containing list of domains to enumerate php start.php -w domains.txt -t html

Environment tested

CentOS & Ubuntu By using the Install.sh

Windows 10, by manually installation.

Results


SerpScan

Credits

SerpScan has been possible thank you to the following projects.

Disclaimer

  • SerpScan was written for education purposes only.

Todo

Feel free to contribute:

  • Improve the tree view within the results report.
  • Improving the report by marking the dead subdomains from the alive ones.
  • Making the install.sh file to support the other linux distributions.
  • Creating install.bat to make an easy installation for windows.
You might also like...
A simple port scanner script.
A simple port scanner script.

A-simple-port-scanner Description: A basic port scanner which checks if a port is opened, closed, or filtered. This scanner can be improved in many wa

Script to fill phishing sites databases with random data and prevent theft

phsfill Script to fill phishing sites databases with random data and prevent theft Installation & Build: To install the library, run go install github

Doctl: A command-line interface (CLI) for the DigitalOcean API

doctl doctl is a command-line interface (CLI) for the DigitalOcean API. Usage:

Exploit for remote command execution in Golang go get command.

CVE-2018-6574 Exploit for remote command execution in Golang go get command. Introduction When you go get a package, Go is designed to build and insta

High-Performance Shortlink ( Short URL ) app creator in Golang. For privacy reasons, you may prefer to host your own short URL app and this is the one to use.
High-Performance Shortlink ( Short URL ) app creator in Golang. For privacy reasons, you may prefer to host your own short URL app and this is the one to use.

About The Project Shortlink App in Golang Multiple Node based Architecture to create and scale at ease Highly performant key-value storage system Cent

Secretsmanager - Secrets management that allows you to store your secrets encrypted in git

I created secretsmanager to store some secrets within a repository. The secrets are encrypted at rest, with readable keys and editable JSON, so you can rename a key or delete it by hand. The cli tool handles the bare minumum of requirements.

Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com
Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories: www.shhgit.com

shhgit helps secure forward-thinking development, operations, and security teams by finding secrets across their code before it leads to a security br

Encrypt your files or notes by your GPG key and save to MinIO or Amazon S3 easily!
Encrypt your files or notes by your GPG key and save to MinIO or Amazon S3 easily!

Super Dollop Super Dollop can encrypt your files and notes by your own GPG key and save them in S3 or minIO to keep them safe and portability, also yo

Create strong passwords using words that are easy for you to remember
Create strong passwords using words that are easy for you to remember

Grasp Create strong passwords using words that are easy for you to remember A way to circumvent password complexity rules and restrictions while only

Owner
Alaa Abdulridha
Security Engineer and a Professional Web Pentester
Alaa Abdulridha
crowdsec 5.6k Oct 2, 2022
Implementation of io/fs.FS that appends SHA256 hashes to filenames to allow for aggressive HTTP caching.

hashfs Implementation of io/fs.FS that appends SHA256 hashes to filenames to allow for aggressive HTTP caching.

Ben Johnson 217 Sep 11, 2022
SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.

SourcePoint SourcePoint is a polymorphic C2 profile generator for Cobalt Strike C2s, written in Go. SourcePoint allows unique C2 profiles to be genera

Tylous 666 Sep 26, 2022
PHP security vulnerabilities checker

Local PHP Security Checker The Local PHP Security Checker is a command line tool that checks if your PHP application depends on PHP packages with know

Fabien Potencier 947 Sep 21, 2022
A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests

Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple to

ProjectDiscovery 2.6k Sep 28, 2022
SingularityCE is the Community Edition of Singularity, an open source container platform designed to be simple, fast, and secure.

SingularityCE Guidelines for Contributing Pull Request Template Project License Documentation Support Citation SingularityCE is the Community Edition

Sylabs Inc. 324 Sep 30, 2022
A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.

A simple Go script to brute force or parse a password-protected PKCS#12 (PFX/P12) file.

Evi1cg 33 Sep 10, 2022
Go script for bypassing 403 forbidden

Bypass-403 Go script for bypassing 403 forbidden Update V1.1.0 ?? Close response body of every request in order to avoid leak Add timeout to avoid slo

Muhammad Daffa 74 Sep 1, 2022
GoLang script that checks for password leaks by sending email address to the BreachDirectory API

GoLang script that checks for password leaks by sending email address to the BreachDirectory API

null 11 Feb 17, 2022